Lenovo Rapped for Preinstalling Spyware
February 19, 2015
Lenovo has come under fire for preinstalling spyware on some of its laptops. The software, Superfish, uses the same techniques cybercriminals often employ to crack encrypted traffic. "Superfish is purposely designed to bypass the security of HTTPS websites in a manner that would allow malware and attackers to also bypass the security provided by HTTPS," said Bluebox cofounder Adam Ely.

Cyberthieves Bag a Billion in Snail-Speed Bank Heists
February 18, 2015
Criminals using Carbanak malware have stolen up to $1 billion from 100 financial institutions in Russia, China, Germany and the United States, Kaspersky Lab has revealed. The gang is expanding operations to other countries. Kaspersky has advised financial institutions to scan their networks for intrusion by Carbanak. "These are advanced threat actors," said Lancope CTO TK Keanini.

NSA Suspected of Spreading Super-Resistant Malware
February 17, 2015
Kaspersky Lab on Tuesday announced the discovery of what may be the most sophisticated malware ever. The malware's creators, whom Kaspersky has dubbed "The Equation Group," use a never-seen-before tactic to infect hard drives' firmware. The technique "makes traditional antivirus and antimalware software practically useless," said Protegrity VP of Products Yigal Rozenberg.

It's Time to Investigate Cyber Insurance
February 17, 2015
Almost every day there are reports of cyberintrusions, attacks and related security breaches. If your company does not have the right insurance, it could be even more of a disaster. What company can afford not to have insurance for a potential cyberdisaster? Let's look at some protective measures that can be taken to safeguard your business.

Encryption Can Create Stormy Weather in the Cloud
February 17, 2015
Encryption has received a lot of attention lately as a solution to the growing data breach problem, but one of the hang-ups dogging the technology has been its ability to play nice in the cloud. That's especially true if an organization wants to control the keys by which its data is scrambled and use services offered by a cloud provider beyond simple storage.

Facebook Launches ThreatExchange to Stymie Cybercrime
February 13, 2015
"Threat researchers do already share this data manually," Jeremy Demar, director of threat research at Damballa, told TechNewsWorld. "The value in systems like this isn't the ability to share raw intelligence [it's the] structured data that allows for the information to be accessed quickly and easily by the users." ThreatExchange is based on Facebook's ThreatData threat analysis framework.

How Eroding Trust Hurts Companies
February 12, 2015
I love all the innovation and trends in the wireless, telecom, television, Internet and tech space. However, there is also a big warning light flashing ahead that no one is paying attention to...trust is eroding. Trust is a delicate thing and is being ignored. Innovation is great, but if we don't protect the privacy and personal information of users, they will lose trust and that will bite us in the end.

Obama's Cyberthreat Intel Aggregator Plan Divides Security Experts
February 12, 2015
The Obama Administration on Tuesday announced plans to set up a national Cyber Threat Intelligence Integration Center to integrate all data from government agencies and the private sector, and disseminate it appropriately. The intelligence integration center will initially have a staff of 50 and a budget of US$35 million. Reactions from cybersecurity experts were mixed.

Box to Let Enterprises Bring Their Own Keys to the Cloud
February 11, 2015
Box on Tuesday raised the curtain on a new offering that allows its enterprise customers to control the digital keys used to encrypt their data stored in the storage provider's cloud. Box is working with Amazon Web Services and Gemalto to bring to market "Box Enterprise Key Management," and give its most security-minded customers total control over the keys used to encrypt data they store on Box.

Bug Bounties Entice Researchers to Don White Hats
February 10, 2015
Bug bounty programs are used by individual software makers to improve the quality of their products, but they can have incidental benefits for all software makers, too. One of those is to encourage bug hunters to wear a white hat instead of a black one. "When you make it easy for hackers to do the right thing, the majority will," noted Alex Rice, CTO of HackerOne.

Federal 'Internet of Things' Report Triggers Debate, Senate Inquiry
February 10, 2015
Just how close is 'too close for comfort' in the unprecedented connectivity of people, products and electronic communication that lies ahead with the Internet of Things? Should the providers of electronic devices be allowed to know when you set your house thermometer, or how often and how long you go for a jog using a 'wearable' electronic exercise sensor?

Concerns Emerge About Samsung Smart TVs 'Bugging' Owners
February 09, 2015
The feature in question may transmit some voice commands, along with information about the device, to a third-party service that converts speech to text, Samsung's global privacy policy warns. If voice recognition is going to be on all the time, "that seems like really poor design, and certainly represents a privacy risk," said Justin Brookman, director of the consumer privacy project at the Center for Democracy & Technology.

Anthem Mega-Breach Jeopardizes 80 Million Consumers
February 05, 2015
Hackers broke into the databases of Anthem Inc., the second-largest health insurer in the U.S., and stole up to 80 million customers' personal information. The data includes current and former customers' names, birthdays, medical IDs, social security numbers, street addresses, email addresses and employment information, Anthem president and CEO Joseph Swedish wrote in a note sent to customers.

FTC Argues Against IoT Law, For Now
February 05, 2015
The global "installed and connected base" of IoT units will reach approximately 30 billion in 2020, noted IDC in a November 2014 report. Yet now is not the time to enact privacy or security laws aimed directly at the impact of the IoT, the U.S. Federal Trade Commission says. The FTC argues that such specific legislation could stymie the development of IoT technology.

IoT Risky Business for Enterprise Networks
February 05, 2015
There were 9 billion Internet of Things units installed at the end of 2013 -- and analysts expect the figure to hit 28 billion by 2020. That's going to make life difficult for IT security admins. A Tripwire survey found that employed consumers who took work home had an average of 11 IoT devices on their home networks, and 24 percent of them had connected at least one of these devices to their enterprise network.

Infected Android Apps From Google Play Affect Millions
February 04, 2015
The malware harbors fake ads that pop up when users unlock their devices, to warn them about nonexistent infections, or that their devices are out of date or have porn. Victims are then asked to take action. If they agree, they are redirected to poisoned Web pages that contain a variety of hazards. Google spokesperson Elizabeth Markman did not confirm how many devices had been hit.

Is the FTC Jumping the Gun on IoT Security?
February 03, 2015
For months, the security community has been waving a red flag about how the nascent Internet of Things could become a cyber criminal's paradise. Last week, those admonitions were given some credence when the Federal Trade Commission recommended that the makers of IoT gadgets adopt some "best practices" to protect consumers from potential violations of their privacy and security.

Google Expands Bug Bounty Program
February 02, 2015
Since 2010, when it began paying security researchers to find flaws in its programs, Google has paid more than US$4 million to bug hunters. Now it's prepared to pay even more. The company announced Friday that it's expanding its Security Rewards Programs to include payments to researchers before they find bugs in Google's software. It's also broadening the reach of its Vulnerability Reward Program.

AWS Success Underscores Demand for Cloud Services
February 02, 2015
Despite several highly publicized cloud hacks last year -- including the iCloud and Sony breaches -- the demand for cloud services is skyrocketing. Amazon Web Services grabbed 30 percent of the global cloud infrastructure service market in Q4, Synergy Research reports. AWS grew 51 percent year over year (YoY). Why the mad rush to the cloud? Isn't security an issue any more? And who's buying into the cloud?

China May Write New Rules for US Businesses Selling Tech to Banks
February 02, 2015
A group of organizations representing American businesses last week requested urgent discussion and dialog with China's government. They expressed concern about the possible adoption of a policy to ensure that any Internet and information communications technology products Chinese banks purchase from companies outside of China are secure and controllable.

A Little Dab of Credit Card Data Can ID Customers
February 02, 2015
Credit card users may be dismayed by findings MIT researchers reported last week in the journal Science: Just four pieces of vague non-identifying information were enough to identify 90 percent of people in a data set of 1.1 million credit card users. When the researchers went to work with three pieces of less vague information, they achieved 94 percent success.

Amazon WorkMail Lifts Back-End Email Burden From IT's Shoulders
January 30, 2015
Amazon is making a play for the enterprise email market. Offered by Amazon Web Services, WorkMail targets companies that want to move their on-premises email services to the cloud. WorkMail reduces complexity and cost. With all mail infrastructure relocated to Amazon's cloud, a company no longer need be concerned with buying hardware, installing patches, and installing mail backup systems.

Google Gives WebView the Cold Shoulder
January 30, 2015
Google has decided not to fix vulnerabilities in WebView for Android 4.3 and older, sparking heated discussions among developers. Those versions of WebView run on the WebKit browser. Fixing them "required changes to significant portions of the code and was no longer practical to do so safely," explained Adrian Ludwig, lead engineer for Android security.

Canada Levitates Data from File-Sharing Sites
January 29, 2015
Canada's spy agency, the Communications Security Establishment, has been eavesdropping on 102 free file upload sites, including Sendspace, Rapidshare and Megaupload, which has been shut down. A CSE program called "Levitation" lets analysts access information on 10-15 million uploads and downloads of files from such sites daily, according to documents released by whistle-blower Edward Snowden.